IPsec provides data
confidentiality, data integrity, and origin authentication between participating peers at
the IP layer. IPsec secures a path between a pair of gateways, a pair of hosts, or a gateway
and host.
IPsec security services provide the following four critical functions:
- Confidentiality (encryption): The sender can encrypt the packets before transmitting
them across a network. By doing so, no one can eavesdrop on the communication.
If the communication is intercepted, it cannot be read.
- Data integrity: The receiver can verify that the data was transmitted through the
Internet without being changed. IPsec ensures data integrity by using checksums (also
known as a hash value or message digest), a simple redundancy check.
- Authentication: Authentication ensures that the connection is made with the desired
communication partner. The receiver can authenticate the source of the packet,
guaranteeing and certifying the source of the information.
- Antireplay protection: Antireplay protection verifies that each packet is unique and
not duplicated. IPsec packets are protected by comparing the sequence number of the
received packets with a sliding window on the destination host or security gateway.
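
The sliding-window comparison described under antireplay protection, as an added example that is not from the original text: a 64-packet bitmap window over 32-bit sequence numbers, in the style RFC 4303 describes for the receiver. The names `replay_state` and `replay_check`, and the `icv_ok` flag standing in for the result of the integrity check, are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64u  /* window size in packets (assumed; the RFC 4303 default) */

enum verdict { ACCEPT, DROP_REPLAY, DROP_TOO_OLD, DROP_BAD_ICV };

struct replay_state {
    uint32_t top;     /* highest authenticated sequence number seen so far */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) was received */
};

/* Check one received sequence number. The window is updated only when the
 * integrity check passed (icv_ok), so a forged packet cannot slide it forward. */
enum verdict replay_check(struct replay_state *s, uint32_t seq, int icv_ok)
{
    if (seq == 0) return DROP_TOO_OLD;        /* numbering starts at 1 */
    if (seq > s->top) {                       /* right of the window: new */
        if (!icv_ok) return DROP_BAD_ICV;
        uint32_t shift = seq - s->top;
        s->bitmap = (shift >= WINDOW) ? 0 : s->bitmap << shift;
        s->bitmap |= 1u;                      /* mark seq itself as seen */
        s->top = seq;
        return ACCEPT;
    }
    uint32_t off = s->top - seq;              /* distance behind the top */
    if (off >= WINDOW) return DROP_TOO_OLD;   /* left of the window */
    if (s->bitmap & (1ULL << off)) return DROP_REPLAY;  /* duplicate */
    if (!icv_ok) return DROP_BAD_ICV;
    s->bitmap |= 1ULL << off;                 /* late but first arrival */
    return ACCEPT;
}

int main(void)
{
    static const char *name[] = { "accept", "replay", "too old", "bad ICV" };
    /* Constructed arrival order: reordering, a duplicate, a forgery, a jump. */
    struct { uint32_t seq; int icv_ok; } rx[] = {
        {1, 1}, {2, 1}, {5, 1}, {3, 1}, {5, 1}, {1000, 0}, {70, 1}, {6, 1}, {7, 1} };
    struct replay_state s = { 0, 0 };
    for (size_t i = 0; i < sizeof rx / sizeof rx[0]; i++)
        printf("seq %4u -> %s\n", (unsigned)rx[i].seq,
               name[replay_check(&s, rx[i].seq, rx[i].icv_ok)]);
    return 0;
}
```

Out-of-order packets inside the window are accepted once, duplicates are dropped, and anything that has fallen off the left edge is dropped because the receiver no longer tracks whether it was seen.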